Broaden gitleaks allowlist to exempt forgejo-mcp.md entirely #86
Reference
james/carol#86
Follow-up from #77.
The narrow allowlist added in #77 only suppresses bare 64-hex-char strings inside `forgejo-mcp.md`. CI's pinned gitleaks (8.21.2) is still flagging other patterns in the file (rule packs and heuristics differ from local 8.30.1, where the same file currently shows no hits).

`forgejo-mcp.md` is a pure documentation walkthrough — example commands, hashes, scope strings — with no expectation that anything in it is a real secret. Per-pattern allowlist maintenance is more cost than it's worth here.

Scope
- `[[allowlists]]` block with a broader one that exempts `^forgejo-mcp\.md$` regardless of content.
- `condition = "AND"` semantics moot by dropping the `regexes` constraint entirely (a single criterion is naturally AND/OR-equivalent).

Acceptance criteria
- `.gitleaks.toml` allowlist for `forgejo-mcp.md` matches the whole file, not just hex strings.
- `secrets.yml` workflow passes on the PR.

Part of epic #2. Follow-up from #77.
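
The difference between the narrow and the broad allowlist described in this issue, as an added example: a simplified Python model of allowlist evaluation, not gitleaks source code and not this repository's `.gitleaks.toml`. The 64-hex regex, the sample findings and the names `allowed` and `remaining` are assumptions made for illustration.

```python
import re

def allowed(entry, path, secret):
    """Simplified model: True if the allowlist entry suppresses this finding.

    With condition "AND" every configured criterion must match; otherwise
    one matching criterion is enough.
    """
    checks = []
    if "paths" in entry:
        checks.append(any(re.search(p, path) for p in entry["paths"]))
    if "regexes" in entry:
        checks.append(any(re.search(r, secret) for r in entry["regexes"]))
    if not checks:
        return False
    return all(checks) if entry.get("condition") == "AND" else any(checks)

# Narrow form (the #77 behaviour as described): the path AND a bare
# 64-hex-char string. The hex regex is an assumed stand-in.
NARROW = {
    "paths": [r"^forgejo-mcp\.md$"],
    "regexes": [r"^[0-9a-f]{64}$"],
    "condition": "AND",
}

# Broad form (this issue): path only, so the file is exempt regardless of content.
BROAD = {"paths": [r"^forgejo-mcp\.md$"]}

# Constructed findings as (path, matched text); none of these are real values.
FINDINGS = [
    ("forgejo-mcp.md", "a" * 64),                         # hex example in the doc
    ("forgejo-mcp.md", "EXAMPLE_TOKEN_placeholder_0000"),  # non-hex pattern in the doc
    ("docs/forgejo-mcp.md", "b" * 64),                    # same name, other directory
    ("src/config.py", "c" * 64),                          # unrelated source file
]

def remaining(entry):
    """Findings that would still be reported with this allowlist entry."""
    return [f for f in FINDINGS if not allowed(entry, *f)]

if __name__ == "__main__":
    for name, entry in (("narrow", NARROW), ("broad", BROAD)):
        print(name, [path for path, _ in remaining(entry)])
```

Under the broad entry every finding in the root-level `forgejo-mcp.md` is suppressed, while the anchored path regex keeps findings in `docs/forgejo-mcp.md` and `src/config.py` reported.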